Sent Items Logging

Discussion in 'privacy problems' started by snowman, Dec 22, 2002.

Thread Status:
Not open for further replies.
  1. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Snowman,

    This one will always be recreated, it's part of the install, like when you install a FAX progy : after installing you get a welcome FAX message which was never sent. Rebuilding the *.dbx and this "mail" never received from outside comes back. Even on computers without any connexion get this "mail".

    Windows must keep some info about your accounts in the registry otherwise you would not be able to send any mail.


    That's where a NT system is more secure : only users with rights on determined folders should access these data.

    Cheers,
     
  2. snowman

    snowman Guest

    Primrose

    very nice reply.....appreciated. In my case all deletes are actually wiped....never less than 7 times with DOD.......everyday the used space on C drive wiped...often several times each day....never less than one wipe....each weekend wiped with Gutmann.............before each wipe everything cleared..index dat etc..cache..
    certainly agree with you on the need for secure wipe.......an wipe your comments about the nature of software/computers..............


    JACK

    appreciate the info.......soon as I wake-up alittle more I will change that Store Root.....
    being a person who never uses e mail I am in a position to play with the setting a bit......lost of sending e mail wont bother me............if needed will use a web mail.......mostly just curious to see what happens...........will not delete Identity.......just change the Store Root


    STATUS: at the moment no "old" info is being re-create other than that "welcome e mail" which as Jack point out is "normal"...........
    info only related to the C drive/os is created "new"....I believe this is only because of.....as Primrose pointed out... a secure "wipe" has been done..numerous times.......otherwise old info would appear.

    one thought to share..........its been clearly shown through out this topic that the "exploit" in question collects private information and stores it............as yet no clear solution has been found.............its also been shown that if someone can access the computer...change the settings.......any information Not secure wiped can be recovered without the use of third party tools...(info in those folders)

    Here is a situation where a PERSONAL commitment to security comes into play.........a commitment to SECURELY WIPE in particular........several poster have already give great suggestions on that subject......an are more experts than I..........they are best to offer comments

    DESKTOP SECURITY: preventing access to the computer.
    This is a topic all to itself.....yet obviosly some desktop security is needed..........an not some toy of a program that any K grader can bypass.....imo desktop security will be consider the first line of protection..........
    sadly although I have one desktop security,,,,rarely do I use it...........well imo that over-sight because of the afrementioned exploit must be corrected..in my case..
     
  3. snowman

    snowman Guest

    TYPO CORRECTION:


    >an wipe your comments about the nature of software/computers..............<


    SHOULD HAVE BEEN: "an WITH your comments about the nature of software/computers"


    PRIMROSE...sorry about that typo
     
  4. snowman

    snowman Guest

    * Have already stated that this issue is well above my knowledge......so I am randomly throwing out questions in hopes that the more experience can offer their knowledge*



    Question: Would removing windows messenger from outlook express help in this matter ?
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    I can answer that last one. No, removing Messenger will not make any difference in the logging in that folder. It might log some more, but I´m not sure about that.
    It´s bad enough that I activated Outlook just to find out what you were all talking about. I refuse to use either Outlook or Messenger ;)

    Regards,

    Pieter
     
  6. snowman

    snowman Guest

    PIETER

    thank you much....I am much depending on persons like yourself who have extensive knowledge........I've devoted alot of manhours on this issue but now my knowledge limit has been reached...........I'll continue to research...only must depend on persons of your knowledge....

    oddly this exploit is not a real issue with me due to my security habits...at least not now that I am awear of its existence......Pieter its those millions out there who have no idea about security that I am trying to help.....
    By the ways.....this topic is getting extremely long....to all mods and administration......if for any reason what ever you feel the thread is either to long or whatever...please advise an no further postings will be made by me.....absolutely no offense will be taken by me.....I want to be considerate of the forum.......my only desire........


    another quick question: Would disabling Save As Web Page Complete in IE help to prevent the logging of the websites posters have menbtioned..?


    * as you can see the tweaks mentioned are of the registry type......an I sure don't need a os crash right now LOL.....thus the questions
     
  7. snowman

    snowman Guest

    Decided to make the call myself in respect to the Administraion.........this thread has become enormous......so for the time being I will stop posting.

    will continue to research....if a solution is found it will then be posted. Just does not make much sense for me to keep building onto an already enormous thread....


    TO ALL PERSONS WHO REPLIED

    Truely your help has been greatly appreciated......there has been real teamwork here....an I feel a personal sense of pride to know such good.., decent people like yourselfs..devoted to security and others.....THANK YOU

    Snowman
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi snowman,

    If I can find the time somehow, I will try to setup my test computer and check some of the options offered by you.
    I already installed ME and a firewall. So all I really have to do is find a safe way to share the internet on this one :rolleyes:
    That should enable some testing.

    Don´t worry about the length of the thread. The length is of no consequence as long as a workable solution comes up, which I hope very much.

    Regards,

    Pieter
     
  9. snowman

    snowman Guest

    PIETER

    That is most appreciated....truely I put my heart into this yet must admit to being "at wits end"..........but not defeated LOL

    Pieter...was just looking at: " last access stamp" which basically updates the time stamp each time a directory is accessed.......if that was disabled...(certainly would enhance performance) but would that "fool" the os into not updating the information being logged..an instead just log the "old" info over and over again?? this is not for all os's...would only work with NT, 2K and XP.....

    About the size of the thread....your kindness is appreciated.......an yet I do wish to be considerate......allow others to post their ideas etc......plus give experience persons like yourself time to look into this issue......otherwise the thread would get so large it would spill over onto some else's website...lol


    snowman
     
  10. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Pieter ;)

    AFM, first thing I do when installing Windows is uninstalling Messenger :)

    OE6SP1 with the right configuration is as secure as any other Mail client. (read in plain txt).

    I didn't look for but I am nearly sure that any other Mail client as exactely the same oddity about the store folder: it's not an OE problem but rather related to Windows OS IMHO.

    Cheers,
     
  11. snowman

    snowman Guest

    QUESTION:

    what about disabling "Write Behind Caching" (I think this can only be done on 95/98/ME) an let the data be written directly to the disk bypassing the cache.....?

    these are all workable Tweaks.....due to my doing so many reformats I just don't do the tweaks after each format..........

    ok..that was my last post for now....my eyes are driping from the strain of reading the registry...time to relax.....an just read you guys...

    Great Day To All

    snowman
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Just a quick thought before I reread this entire thread and do some testing:

    Check out this key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{Hexadecimal ID Number}\Count

    Other then that I´d like to know if you have OE as your default e-mail client.

    That ought to give you something to do once your eyes are rested. :)

    Regards,

    Pieter
     
  13. snowman

    snowman Guest

    Pieter

    sorry for the delay in replieing.....needed some sleep desperately..


    as you requested


    Have got two (2) (id #) counts

    one....(not actual title) "version"=default+version

    another(not actual title) " HRZR"= default+HRZR


    default
    version


    default
    HRZR this one contains a large amount


    yes..outlook express is the only e mail client on the machine.......pop3 uses it also


    snowman
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi snowman,

    I think MRUBlaster cleans that up when you check the Windows UserAssist MRUs.
    If you wish, do that and then add the folowing to your registry:

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\Settings]
    "NoEncrypt"=dword:00000001
    "NoLog"=dword:00000001

    I´m curious if new entries will then still be made in the Sent Items.dbx that don´t belong there.

    Regards,

    Pieter
     
  15. snowman

    snowman Guest

    Pieter

    on my way to bed....just dropped by for a second.....after a very long sleep....I'll give your instructions a try......just much to tired right now..........

    have been in the registry so long that everything has become a blurr.........


    snowman
     
  16. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,284
    Location:
    New England
    Hi Pieter,

    I'm wondering - I did create the "NoEncrypt" key a while back when I first heard of and saw all the tracking information stored in the UserAssist area of the registry, and it was interesting to see the information in a non-scrambled format, but, I have a couple differences...

    First, I created the "NoEncrypt" key in a different place:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\Settings]
    "NoEncrypt"=dword:00000001

    Second, to stop the logging of information altogether, I used the "NoInstrumentation" key, locating it here:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoInstrumentation"=dword:00000001

    This did stop the logging of new information in the UserAssist subkeys. I'm just wondering if you know anything more about that "NoLog" key and how it differs from the "NoInstrumentation" key? (I'm on Windows XP.)

    Reference to the "NoInstrumentation" key setting:
    http://www.winguides.com/registry/display.php/641/
     
  17. snowmam

    snowmam Guest

    LWM

    John I just awoke.....had only 4 hours sleep in 48 hours an was out of it.......I'll have to be careful an not stay awake so long again.......effects my business.


    to your question.....I disabled that key by the "run"

    Regscr32.exe -uc:\windows\system\regwizc.dill
    (to disable)

    regsvr32.exe -uuc:\windows\system\regwizc.dll

    (to re-enable)


    that is the one you are referring too isn't it ? usually I disable this but had forgot to after my last re-format.....an so disable it only a couple of days ago........in fact..since no info is being logged may just maybe its helped........have made so many tweaks that right now I need to step back an start making a record of the changes made.....

    well almost 9 p.m. slept the entire day...better take care of business now.

    snowman
     
  18. snowman

    snowman Guest

    Pieter

    just a brief comment....MRUblaster has been on the os awhile....it never prevented the logging....is that what you are asking o_O

    snowman
     
  19. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,284
    Location:
    New England
    I think Pieter meant that MRU Blaster cleans the UserAssist keys (records) in the registry, and he wondered if this was somehow related to the OE sent items logging you are seeing. No, you are correct, MRU Blaster does not prevent the creation of those usage records, it only cleans them out after the fact.

    I think Pieter wanted you to create the "NoLog" key in Regedit (at the location noted in his post above) to see if that also prevents the logging of information to your sent items dbx file. (My post was to say that a different key, the "NoInstrumentation" key at a different location, also stops the logging of User Assist usage info, and perhaps you'd want to create that key, as well.)

    I think this is just a "shot in the dark" as far as the OE sent items logging issue, but, the UserAssist keys can be considered a large privacy issue in and of themselves since they track all the programs you run.

    Best Wishes,
    LowWaterMark
    - BTW - my name is Mike, not John - if that name in your post was directed at me ;)
     
  20. snowman

    snowman Guest

    John

    thanks for explaining.........since I've taken the first step of this trip I may as well "do them all" ...its just very difficult for me to keep up with all the changes being made.....in the beginning I should have kept a record.....very first time I have not.......an learned my lesson well.....

    got a laptop being worked on at the same time....confusing..

    snowman
     
  21. snowman

    snowman Guest

    Pieter and John

    My os does not have "settings" NoEncrypt"
    "NoLog"

    In particular not showing "settings" if I understand correctly the other two would need to be created.....(.this is on a win98.......)
     
  22. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,284
    Location:
    New England
    Ah, okay. My post was mostly applicable to the Windows NT family (W2K and XP), so, this may not work for you. (Although it might (small chance) and really shouldn't hurt to try it. Having a value in an unused registry key is generally not a problem. It just doesn't do anything.) As for the key Pieter posted, I don't have that one in my registry either, so I can't advise about that one. Let's see what Pieter says when he gets back on.
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    I did some research on this when SP1 for XP was not yet released, there may have been some changes, but I don´t think so.
    I picked up the registry changes on these two sites:
    http://support.microsoft.com/default.aspx?scid=KB;EN-US;q239062&

    http://www.easywindows.com/messages/2402.html

    Someone else who looked into this: http://www.utdallas.edu/~jeremy.bryan.smith/articles/explorer_spy.txt

    At the time I discarded it as of little interest, added the keys I mentioned before and let it rest.

    Well, these keys were supposed to work for every user on every version of Windows, but they don´t o_O

    Now I´ve tried adding them as shown in the attachment and will check now and then, but I can tell you already that encrypted logs are still made. Less then before it seems, but really to early to tell.
    The one LowWaterMark posted looks much better, but seems limited to Win2k and XP.

    You´re description of what was being logged triggered me to remember these UserAssist keys.
    I hope this leads somewhere and is of any help.
    Because the ice is pretty thin where I´m standing :D

    Regards,

    Pieter
     
  24. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Forgot the attachment. LOL
     

    Attached Files:

  25. snowman

    snowman Guest

    PIETER and JOHN (LwM)


    been at this for 14 hours....one laptop bit the dust....did a deltree on it....EVERYTHING!!! anyone know of an os I can install from floppy(freeware) LOL.....can still use the msdos mode on the A...but only by using the bootdisk.......no drives...

    well guys....Pieter that link you provided about the guy who noticed the problem...my guess is that he is looking in the wrong places......Windows is caching that info somewhere......in the os.....not the normal caching....that I clean countless times each day......finding where that caching place is wins the battle imo....from there some way can be found to control it..
    of course the registry will do the controling.....as yet we just don't know where at.......WE WILL!!!!!
    I definitely have found alot of new info (for me its new) while poking in the registry.......Windows is loaded with tons of complete garbage.......

    how in heck this go un-noticed all these years...an if anyone should be concerned it should be the software vendors.....once word gets around that certain products are useless sales will crumble........
    just rambling right now......many thoughts and questions.......an guys I am not nearly as experince as yourselfs....so expect be to crash the os during this testing...LOL..........

    May you have the greatest new year of ever...

    Snowman
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.